528 matches found

Cvelist
added 2020/11/27 5:50 a.m. · 13 views

CVE-2020-25738

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database...

5.5 AI score · 0.0006 EPSS
Exploits 1 · References 2
Kitploit
added 2020/11/08 11:30 a.m. · 54 views

Hetty - An HTTP Toolkit For Security Research

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features: Man-in-the-middle (MITM) HTTP/1.1 proxy with logs; Project based...

7 AI score
Exploits 0 · References 8
RedHat Linux
added 2020/11/04 12:58 a.m. · 1 views

sqlite: Out-of-bounds read in SELECT with ON/USING clause

An out-of-bounds read vulnerability was found in the SQLite component of the Chromium browser. A remote attacker could abuse this flaw to obtain potentially sensitive information from process memory via a crafted HTML page. The highest threat from this vulnerability is to data confidentiality...

6.5 CVSS · 7.3 AI score · 0.00738 EPSS
Exploits 0 · References 5
RedHat Linux
added 2020/11/04 12:58 a.m. · 3 views

sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."...

6.5 CVSS · 7.4 AI score · 0.00843 EPSS
Exploits 0 · References 4
CNVD
added 2020/08/10 12:0 a.m. · 1 views

flatCore Code Issue Vulnerability

flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A security vulnerability exists in flatCore versions prior to 1.5.7. An attacker can exploit the vulnerability to upload and execute .php files...

9 CVSS · 7.1 AI score · 0.00835 EPSS
Exploits 1 · References 1
OSV
added 2020/06/27 12:15 p.m. · 0 views

UBUNTU-CVE-2020-15358

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation...

5.5 CVSS · 6.8 AI score · 0.00076 EPSS
Exploits 1 · References 4
AlpineLinux
added 2020/06/27 11:39 a.m. · 98 views

CVE-2020-15358

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation...

5.5 CVSS · 7.1 AI score · 0.00076 EPSS
Exploits 1
Positive Technologies
added 2020/06/15 12:0 a.m. · 7 views

PT-2020-1264 · Sqlite +9

Name of the Vulnerable Software and Affected Versions: SQLite versions prior to 3.32.3
Description: The issue is related to a heap overflow in SQLite due to the misuse of transitive properties for constant propagation, which can lead to local information disclosure. This is caused by a missing...

9.8 CVSS · 7.5 AI score · 0.90184 EPSS
Exploits 27 · References 620
OSV
added 2020/05/24 10:15 p.m. · 1 views

ALPINE-CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c...

5.5 CVSS · 7.3 AI score · 0.00025 EPSS
Exploits 1 · References 1
CNVD
added 2020/03/31 12:0 a.m. · 3 views

Grandstream UCM6200 Elevation of Privilege Vulnerability

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. A security vulnerability exists in the Grandstream UCM6200 series version 1.0.20.22 and prior versions, which originates from the program storing unencrypted user passwords in a SQLite database...

9.8 CVSS · 7 AI score · 0.51792 EPSS
Exploits 3
OSV
added 2020/03/30 8:15 p.m. · 0 views

CVE-2020-5723

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 1
CVE
added 2020/03/30 7:3 p.m. · 102 views

CVE-2020-5723

CVE-2020-5723 affects Grandstream UCM62xx/UCM6200 series (firmware 1.0.20.22 and earlier). Root cause: unencrypted user passwords stored in an SQLite database, enabling an attacker to retrieve passwords and potentially gain elevated privileges. Connected documents also reference related CVE-2020-...

9.8 CVSS · 9.5 AI score · 0.51792 EPSS
Exploits 3 · References 1 · Affected Software 1
RedHat Linux
added 2020/02/17 9:31 a.m. · 2 views

sqlite: Out-of-bounds read in SELECT with ON/USING clause

An out-of-bounds read vulnerability was found in the SQLite component of the Chromium browser. A remote attacker could abuse this flaw to obtain potentially sensitive information from process memory via a crafted HTML page. The highest threat from this vulnerability is to data confidentiality...

6.5 CVSS · 7.3 AI score · 0.00738 EPSS
Exploits 0 · References 5
Prion
added 2020/01/02 2:16 p.m. · 21 views

Code injection

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error...

5 CVSS · 7.8 AI score · 0.00402 EPSS
Exploits 0 · References 6 · Affected Software 4
OSV
added 2019/12/24 4:15 p.m. · 1 views

DEBIAN-CVE-2019-19923

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference or incorrect results...

7.5 CVSS · 8.6 AI score · 0.062 EPSS
Exploits 0 · References 1
Debian CVE
added 2019/12/24 4:3 p.m. · 35 views

CVE-2019-19925

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive...

7.5 CVSS · 7.3 AI score · 0.07012 EPSS
Exploits 0
CNVD
added 2019/12/13 12:0 a.m. · 1 views

Multiple SQLite, Chrome WebSQL Component Remote Code Execution Vulnerabilities

SQLite is one of the most widely used lightweight database systems. Chrome is a browser developed by Google that includes a WebSQL feature that allows SQL statements to be executed directly through the browser. This feature is powered by SQLite. A remote code execution vulnerability exists in...

8.8 CVSS · 9.5 AI score · 0.04675 EPSS
Exploits 0
OSV
added 2019/12/10 10:15 p.m. · 2 views

DEBIAN-CVE-2019-13753

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5 CVSS · 7.1 AI score · 0.04173 EPSS
Exploits 0 · References 1
OSV
added 2019/12/10 10:15 p.m. · 0 views

UBUNTU-CVE-2019-13751

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5 CVSS · 6.8 AI score · 0.00999 EPSS
Exploits 0 · References 6
OSV
added 2019/12/10 10:15 p.m. · 0 views

UBUNTU-CVE-2019-13750

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page...

6.5 CVSS · 6.8 AI score · 0.00166 EPSS
Exploits 0 · References 6